My Writing
- Communication: The Need to Deal with Internal Politics for Security Professionals. Nearly half of security professionals report internal and political issues consume most of their time. Rather than viewing this as red tape preventing real work, accept that navigating organizational...
- Authentication: Better Internal Vulnerability Scanning With Authentication. Authenticated vulnerability scans provide far more comprehensive results than anonymous scans by allowing the tool to examine installed applications, patches, and configurations. Create dedicated...
- Malware: Understanding Computer Attack and Defense Techniques. Modern attacks combine social engineering to bypass technical defenses, client-side exploits targeting browsers and add-ons, web application vulnerabilities like SQL injection, and persistent...
- Incident Response: Insider Threat - A Touchy Security Topic. The insider vs. outsider threat debate may be less relevant as external attackers increasingly compromise employee workstations via social engineering and exploit kits—outsiders become insiders....
- Leadership: Return on Investment (ROI) - A Touchy Security Topic. ROI in finance means income-generating return, but security prevents loss rather than creating wealth. Vendors misuse "ROI" to justify expenses as "investments." ROSI calculations rely on annualized...
- Threat Intelligence: Advanced Persistent Threat (APT) - A Touchy Security Topic. APT causes heated debates because it's become a marketing buzzword. Some define it as an attack process with certain characteristics (the "What" group), while Mandiant uses it for specific...